Why People Don't "Do" Security

Lenny Zeltser, of the SANS Internet Storm Center, posted his Three Laws of Behavior Dynamics for Information Security. These laws describe why people follow or don’t follow new security initiatives. Basically, they describe how people react to change overall, but Zeltser focuses on security change specifically.

In short, the laws are:

  1. Individuals will maintain their routines, letting status quo prevail unless a major imbalance occurs.
  2. Individuals will gravitate towards what’s personally gratifying and convenient when making decisions.
  3. An attempt to introduce change will be met with resistance at least equal in force and determination.

Read it all here.

Incidentally, if you’re a security professional or an IT geek who wants to check the daily pulse of security around the world, I’d recommend reading the SANS Handler’s Diary on a daily basis. The diary provides information and analysis about current Internet attacks/scans, vulnerabilities, vendor updates, various security topics, and their current Internet Threat Level.
